@robomfeinberg
Created September 26, 2019 18:54
                       +------------------+
                       |                  |
                       |  Okta            |<------+
                       |                  |       |   AuthorizedKeysCommand
                       +------------------+       |   Get list of Okta groups
                                                  |   the user is assigned
                                                  |   permits access with signed key
+-------------+                                   +---------------------+
|             |                                   |                     |
|             <----------------------------+------>                     |  user account is added on 
|    CA       |                               +---+   AWSHost           |  the fly if it does not 
|  step-ca    <---------+                     |   |                     |  exist
+-------------+         |                     |   | AuthorizedKeysCommand
                        |                     |   +---------------------+
                        |                     |
                        |                     |
                        |                     |
                        |                     |
                        |                     |
                        |                     |
                        |+--------------------+
                        ||                    |
                        +>                    |  Uses ProxyCommand to generate ssh certificate
                         |  End User Laptop   |  using step ca ssh. Authenticates with SAML
                         |                    |  to Okta. Completes ssh to awshost with signed
                         | ssh awshost        |  certificate
                         +--------------------+
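As an added example that is not part of the gist: the decision the diagram's AuthorizedKeysCommand makes on AWSHost, written as a POSIX shell script. The Okta group lookup is replaced by a constructed user-to-groups fixture so it runs offline; the group name, the CA public key and the install path are assumptions.

```shell
#!/bin/sh
# Added example (not the gist author's code). Models the AuthorizedKeysCommand on
# AWSHost: look up the login user's Okta groups and, if the user is in the SSH
# access group, tell sshd to accept certificates signed by the step-ca user CA.
#
# Assumed sshd_config wiring (the path and user are assumptions):
#   AuthorizedKeysCommand /usr/local/bin/okta-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
# sshd refuses to run the command unless it is owned by root and not writable
# by group or others, so check the file mode after installing it.
# Creating the account on the fly (see diagram) needs a privileged path and is
# deliberately outside this unprivileged script.

# Constructed stand-in for the Okta API call: "login:group1,group2" per line.
OKTA_GROUPS_FIXTURE='alice:Everyone,aws-ssh-users
bob:Everyone'

# Group that grants SSH access (assumption).
SSH_ACCESS_GROUP='aws-ssh-users'

# Public key of the step-ca SSH user CA (placeholder value, normally read from disk).
STEP_USER_CA_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDE step-ca-user-ca'

# Print the comma-separated groups for a user, or nothing if Okta does not know them.
okta_groups_for() {
  printf '%s\n' "$OKTA_GROUPS_FIXTURE" | awk -F: -v u="$1" '$1 == u { print $2 }'
}

# Emit one authorized_keys line when the user may log in, nothing otherwise.
# "cert-authority" makes sshd trust certificates signed by the CA key; the
# principals option restricts that trust to certificates naming the login user.
# No output means sshd falls through to its other methods and, with passwords
# disabled, the login is denied.
authorized_keys_for() {
  user="$1"
  member_of=$(okta_groups_for "$user")
  case ",$member_of," in
    *",$SSH_ACCESS_GROUP,"*)
      printf 'cert-authority,principals="%s" %s\n' "$user" "$STEP_USER_CA_KEY" ;;
    *)
      return 1 ;;
  esac
}

# sshd passes the login name as the single argument (%u).
if [ -n "${1-}" ]; then
  authorized_keys_for "$1"
fi
```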